# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.11.0
pkgrel=0
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
url="http://unbound.net/"
arch="all"
license="BSD-3-Clause"
depends="dns-root-hints dnssec-root"
depends_dev="expat-dev"
_depends_migrate="/bin/sh apk-tools dns-root-hints openrc"
makedepends="$depends_dev libevent-dev openssl-dev python3-dev swig linux-headers"
install="$pkgname.pre-install"
options="!check"
pkgusers="unbound"
pkggroups="unbound"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg
	$pkgname-openrc py-unbound:py $pkgname-migrate::noarch"
source="https://unbound.net/downloads/unbound-$pkgver.tar.gz
	conf.patch
	migrate-dnscache-to-unbound
	$pkgname.initd
	$pkgname.confd
	"

# secfixes:
#   1.10.1-r0:
#     - CVE-2020-12662
#     - CVE-2020-12663
#   1.9.5-r0:
#     - CVE-2019-18934
#   1.9.4-r0:
#     - CVE-2019-16866

build() {
	PYTHON_VERSION=3 ./configure \
		--build="$CBUILD" \
		--host="$CHOST" \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--with-username=unbound \
		--with-run-dir="" \
		--with-pidfile="" \
		--with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \
		--with-libevent \
		--with-pthreads \
		--disable-static \
		--disable-rpath \
		--with-ssl \
		--without-pythonmodule \
		--with-pyunbound

	# do not link to libpython
	sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile

	make
}

package() {
	make DESTDIR="$pkgdir" install
	make DESTDIR="$pkgdir" unbound-event-install

	install -Dm755 contrib/update-anchor.sh \
		"$pkgdir"/usr/share/$pkgname/update-anchor.sh

	mkdir -p "$pkgdir"/usr/share/doc/$pkgname/
	install -m644 doc/CREDITS doc/Changelog doc/FEATURES \
		doc/README doc/TODO "$pkgdir"/usr/share/doc/$pkgname/

	cd "$pkgdir"

	mkdir -p ./etc/unbound
	rm -f ./etc/unbound/root.hints
	ln -s ../../usr/share/dns-root-hints/named.root ./etc/unbound/root.hints

	install -Dm755 "$srcdir"/unbound.initd ./etc/init.d/unbound
	install -Dm644 "$srcdir"/unbound.confd ./etc/conf.d/unbound
}

libs() {
	pkgdesc="unbound shared libraries"
	depends="$depends_libs"

	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/
}

openrc() {
	depends="$depends_openrc"

	default_openrc
}

py() {
	pkgdesc="Python bindings to libunbound"
	depends="$depends_py"

	mkdir -p "$subpkgdir"/usr/lib/
	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
}

migrate() {
	pkgdesc="Simple tool to migrate from dnscache to unbound"
	depends="$_depends_migrate"

	install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \
		"$subpkgdir"/usr/bin/migrate-dnscache-to-unbound
}

sha512sums="511e787c5f9647286b07028702a8909390e0e6eafe7224459d5f1eee8a8dfb09c71e33f291e30851dc57411123b91dfe0e124787109a7e4afdf6f3b02768e7cd  unbound-1.11.0.tar.gz
10e76b0c0e256cf81d55a6f089644693feb94bd2470730bcbcedb5f340397d2316f3a9ee57adc3d5e84e83cc26109c8cb48f6e2e3bfdbd186e40071b7b4284f1  conf.patch
0a5c7b8f2b8c79c5384bce05962c8f8f5f31ce3aeb967b0e897361a24ea7065eb4e7c28ff3acfb0fb0d46be966d4e526e64b231f49b589ec63f576c25433bb59  migrate-dnscache-to-unbound
8ceabe5efcccfa1d9e210a8166de60ce218ea0261b9edf620524f33216786fad64d6cd8551255942091ee171247222a49a99a1a1ca1999d43fff00ccb17b6276  unbound.initd
40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71  unbound.confd"
